The hashlimit module works basically like ‘limit’ but can be used with source IP, destination port, destination IP and source port, thanks to the –-hashlimit-mode option. Is there anything similar that allows to use the mac address as well (something like "–-hashlimit-mode srcmac,dstmac")?
Asked
Active
Viewed 33 times
0
-
3Could you describe what is the actual issue you are trying to solve? – Tero Kilkanen Oct 25 '21 at 16:13
-
I'm trying to solve a message logging problem. Messages contain informations about the source and destination (IP address, port and mac address). I want to avoid the logging of two identical messages for a certain period of time and I can do this pretty well using hashlimit module, but it doesn't consider the mac address. So two messages with the same IP address and port but with different mac address will be considered identical and only one will be logged. – Harry Oct 26 '21 at 15:36
-
Why would there be different MAC addresses for a certain 5-tuple of L3/L4 address combination? – Tero Kilkanen Oct 26 '21 at 18:20
-
Because the device has got more than one ethernet network card. – Harry Oct 27 '21 at 07:16